When laptops, backup tapes, and hard drives containing sensitive client or customer data are stolen or go missing, or when servers containing such data are compromised, Stroz Friedberg personnel investigate and perform unassailable technical assessments of the origin, nature, and extent of the intrusion. In all cases, such assessments are key to protecting the corporate network and determining whether the attacker is a low-level script kiddie, a current or ex-employee, or a sophisticated hacker employed by a competitor or a hostile government. In cases where customers' personally identifiable information (PII) is potentially compromised, our assessments are a key component in the decision by management and counsel on whether notifications are required under the state data breach notification statutes. Our assessments can answer:
- What was on the misplaced or stolen media? Especially in the case of backup tapes and external hard drives, it is often far from clear.
- Was the attacker an insider or an outsider, sophisticated or a beginner, successful or unsuccessful, in obtaining sensitive data?
- Did the intruder access credit card information, dates of birth, Social Security numbers, PIN numbers, or other PII? If so, how many, and for customers in what states?
- Was the illegally accessed data encrypted, in which case notification need not be made? If not encrypted, would the data on a backup tape be so difficult to restore that, as a practical matter, there is no real risk of harm to customers? Under some state statutes, that may exempt notification.
- Should law enforcement be notified and, if so, when? Such referral may postpone notification requirements under some state statutes.
Our unique methodology – combining traditional investigative means, computer forensics, and our cyber-crime response – enables us to reach answers upon which Boards of Directors, corporate officers, and information technology executives can rely in assessing the damage to the company, deciding whether to make statutory notifications, making public statements regarding the intrusion, and deciding whether to report the matter to law enforcement or, in the case of defense contractors, to the Intelligence Community. We also help in credibly verifying that required notifications have been made, and in providing liaison with law enforcement and intelligence agencies.